[RFC PATCH] use sulogin in single-user mode

Jon Ciesla limb at jcomserv.net
Thu Jan 21 17:49:46 UTC 2010


Dominik 'Rathann' Mierzejewski wrote:
> On Thursday, 21 January 2010 at 18:21, Bill Nottingham wrote:
>   
>> We have an existing bug where if you're in single-user mode, and
>> SELinux is active, various commands don't print to the console.
>> The root of this is the single-user shell isn't running in the
>> right SELinux context, as there's nothing to distinguish this from
>> the 'normal' shells run during bootup.
>>
>> By far, the simplest fix is to run something that starts a shell
>> via a 'normal' login-ish mechanism. Hence, the attached patch
>> that switches to sulogin for single user mode.
>>
>> However, this changes behavior that has existed since the dawn
>> of time in Red Hat/Fedora systems; with this change, single-user
>> mode would now require the root password. This is both when
>> booting with 'linux single/linux S', or going to runlevel 1
>> with 'telinit 1'.
>>
>> Comments?
>>     
>
> Well, I understand the problem that this patch is addressing.
> However, the ability to get a root shell on runlevel 1 without
> the root password has always been a time saver when you forgot it
> or couldn't contact the previous admin. It saved me from:
> * booting from a livecd (assuming it had a cd drive)
> * booting from PXE (assuming it had a PXE-capable eth)
> * taking out the root drive and mounting it in a different
>   machine
>
> So yeah, I'm slightly opposed to this change.
>
> Regards,
> R.
>
>   
My thoughts exactly.  What are the less simple fixes that don't change 
this behaviour?

-J

-- 
in your fear, seek only peace
in your fear, seek only love

-d. bowie


